ALT Linux Team

Package xmlgraphics-commons update in c9f2 on 2025-05-22

ALT-PU-2025-6398-4

Package xmlgraphics-commons updated to version 2.7-alt2_1.c9.1jpp11 for branch c9f2 in task 315109.

Closed vulnerabilities

Published: 2021-03-10

BDU:2022-00276

Уязвимость программного обеспечения для преобразования XML форматов xmlgraphics-commons, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Severity: HIGH (8.2) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
References:
Published: 2021-02-24
Modified: 2024-11-21

CVE-2020-11988

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Severity: HIGH (8.2) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
References:

Closed bugs

Bug #48160

Исправить сборку xmlgraphics-commons

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top